<?php

// +---------------------------------------------+
// |     Copyright  2010 - 2018 InterPhoto       |
// |     http://www.weentech.com                 |
// |     This file may not be redistributed.     |
// +---------------------------------------------+


include('includes/InterPhoto.Core.php');

$getfiles = explode('/', base64_decode(ForceIncomingString('file')));
$keycode = ForceString($getfiles[0]);
$imageid = ForceInt($getfiles[1]);

if(!$getfiles OR sizeof($getfiles) < 2 OR !$keycode OR !$imageid){
	die('File not found!');
}


if($imageid){
	$checkimage = $DB->query_first("SELECT i.path, i.filename FROM " . TABLE_PREFIX . "images i LEFT JOIN  " . TABLE_PREFIX . "categories c ON (c.categoryid = i.categoryid) WHERE (i.usergroupids = 'all' OR i.usergroupids LIKE '%(".$userinfo['groupid'].")%') AND i.actived = 1 AND c.actived = 1 AND i.imageid = $imageid AND i.sale = 0 ");
}

if($checkimage AND $userinfo['allowdownload'] AND $keycode == md5($checkimage['filename'].WEBSITE_KEY)){
	$image_path = BASEPATH.'MyWebsiteImages/'.$checkimage['path'].'_'.WEBSITE_KEY.'/original/'.$checkimage['filename'];

	$DB->query("UPDATE " . TABLE_PREFIX . "images SET downloadcount = (downloadcount + 1) WHERE imageid = '$imageid'");

	if (!file_exists($image_path)) {
		$image_path = BASEPATH.'MyWebsiteImages/'.$checkimage['path'].'_'.WEBSITE_KEY.'/760x760/'.$checkimage['filename'];
	}

	if (file_exists($image_path)) {
		$FileName = $_SERVER['HTTP_HOST'] . '_' . substr(md5(rand(0,9999)), 2, 8) . '.jpg';

		header('Pragma: public');
		header('Expires: 0');
		header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
		header('Content-Type: application/force-download');
		header('Content-Type: application/octet-stream');
		header('Content-Type: application/download');
		header('Content-Disposition: attachment; filename="'.$FileName.'"');
		header('Content-Transfer-Encoding: binary');
		readfile($image_path);
		exit();
	}
}

$smarty = new InterPhoto;
$smarty->assign('errortitle',$langs['download'].$langs['image'].$sys_langs['error']);
$smarty->assign('errors',$sys_langs['nopermissiondownload']);
$smarty->display('error.tpl');

?>